I don’t care about social graph being visible so long as there isn’t identifiable info during sign up. well said
you can also look into hosted services like EMS but I don’t know if you have to provide identifiable info.
But what if matrix was self hosted on a hostile network.
it’s all encrypted on the client -> e2e. even if it was http and no SSL
Say matrix was running from a hotel WiFi.
you have to provide a domain, I’m not sure how easy it would be to run it without and only locally on a LAN. IT’s possible but the experience wont be good. you also can’t federate. It’s much easier to use a hosted server.
How would one secure the service.
the same way like you’d do it with a publicly exposed host.
BUT I think I’d go with p2p matrix before going the LAN route.